After the site preparation in my previous blog, let’s start with Kasten installation.
The steps are very easy and straightforward to install Kasten in my OKE cluster using Helm as follows:
1- Add the Kasten Helm repository
helm repo add kasten https://charts.kasten.io/
helm repo update
2- Create a namespace for Kasten:
kubectl create namespace kasten-io
3- Install Kasten K10 using Helm:
helm install k10 kasten/k10 --namespace kasten-io
4- Just check the status of all pods:
kubectl get pods -n kasten-io
Now it is all done, it seems to be working, and is ready to be used. And the access will be through this URL:
http://<IP>:8080/k10/
What is that bearer token?!
To get the service account token, you can hit this command:
kubectl get secret -n kasten-io $(kubectl get serviceaccount k10-k10 -n kasten-io -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decodeUnfortunately, the generated code doesn’t apply, and I was frustrated that I reached here and still cannot log in. Let’s try some troubleshooting steps:
First, let’s check if the secret already exists:
kubectl get secrets -n kasten-ioIt seems there, but to be sure, I will reset the authentication:
kubectl delete secret k10-k10-token -n kasten-io
kubectl create serviceaccount k10-k10 -n kasten-io
kubectl create clusterrolebinding k10-k10-cluster-admin-binding --clusterrole cluster-admin --serviceaccount=kasten-io:k10-k10The token may be created with a different naming convention for newer Kubernetes versions. So, I tried this one:
kubectl get serviceaccount k10-k10 -n kasten-io -o jsonpath="{.secrets[0].name}"
And then use the secret name returned in this command:
kubectl get secret -n kasten-io $(kubectl get serviceaccount k10-k10 -n kasten-io -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decodeAnother notice is that in Kubernetes 1.24+, tokens are no longer automatically created with service accounts. So, you may need to create a token manually:
kubectl create token k10-k10 -n kasten-ioAll that is good, but it seems not to be working for me for some reason. I assumed I needed to recreate a new token secret with the below:
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: k10-k10-token
namespace: kasten-io
annotations:
kubernetes.io/service-account.name: k10-k10
type: kubernetes.io/service-account-token
EOFI waited a few seconds for the token controller to populate the secret, then tried retrieving it again:
kubectl get secret k10-k10-token -n kasten-io -o jsonpath="{.data.token}" | base64 --decodeIt finally works…….
And that was a happy moment to see this message: Welcome to the Kasten Dashboard.
What’s next?!
The next chapter is business as usual. You are now in, and you need to do the basic Kasten tasks: Kubernetes Backup.
Former Nuclear Engineer | University Lecturer | Technology Advisor | Digital Transformation evangelist | FinTech | Blockchain | Podcaster | vExpert ⭐️⭐️⭐️⭐️ | VeeamVanguard ⭐️⭐️ | Nutanix SME | MBA | AWS ABW Grant’23
